Intel Boot Guard keys leaked

Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable


Files purloined during the substantial MSI hack last month have started to proliferate around the dark web. One of the more worrying things spotted among the digital loot is an Intel OEM private key. MSI would have used this to sign its firmware/BIOS updates to pass Intel Boot Guard verification checks. Now hackers can use the key to sign malicious BIOS, firmware and apps, which will look entirely like official MSI releases.
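To make concrete why a signature check gives no protection once the signing key is public, here is an added example that is not MSI's, Intel's or Binarly's code and does not use Boot Guard's real key or image formats: a stdlib-only Python model of an OEM signing firmware with a private key and a verifier trusting the matching public key. The toy RSA parameters, the sample images and the `revoked_key_fingerprints` list are all constructed for the illustration.

```python
"""Toy model of OEM firmware signing and verification (added example).

Not Intel Boot Guard's real format. It shows three things the article
implies: a vendor-signed image verifies, a tampered image fails, and
once the private key has leaked an attacker-signed tampered image is
indistinguishable from a vendor release. A revocation check is the one
defence an update tool or scanner can still apply on the software side.
"""
import hashlib
import math


def _next_prime(n: int) -> int:
    """Smallest prime >= n, by trial division (fine for toy sizes)."""
    while True:
        if n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1


# Constructed toy RSA key pair: far too small to be secure, illustration only.
P = _next_prime(10 ** 6)
Q = _next_prime(P + 1)
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
while math.gcd(E, PHI) != 1:      # keep E invertible for whatever primes we got
    E = _next_prime(E + 1)
D = pow(E, -1, PHI)               # Python 3.8+ modular inverse

OEM_PUBLIC_KEY = (N, E)           # what the verifier (Boot Guard-like) trusts
OEM_PRIVATE_KEY = (N, D)          # what leaked in the breach


def firmware_digest(image: bytes, n: int) -> int:
    """SHA-256 of the image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign_firmware(image: bytes, private_key: tuple) -> int:
    n, d = private_key
    return pow(firmware_digest(image, n), d, n)


def verify_firmware(image: bytes, signature: int, public_key: tuple) -> bool:
    n, e = public_key
    return pow(signature, e, n) == firmware_digest(image, n)


def key_fingerprint(public_key: tuple) -> str:
    """Stable identifier for a public key (hex SHA-256 over n and e)."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


def verify_with_revocation(image: bytes, signature: int, public_key: tuple,
                           revoked_key_fingerprints: set) -> bool:
    """Software-side check: reject anything under a key known to be compromised,
    even if the signature itself is mathematically valid."""
    if key_fingerprint(public_key) in revoked_key_fingerprints:
        return False
    return verify_firmware(image, signature, public_key)


# Constructed sample images (not real firmware bytes).
VENDOR_IMAGE = b"constructed vendor firmware image v1"
TAMPERED_IMAGE = VENDOR_IMAGE + b"\x00constructed implant"


def demo() -> dict:
    vendor_sig = sign_firmware(VENDOR_IMAGE, OEM_PRIVATE_KEY)
    # After the leak the attacker holds the same private key as the vendor.
    attacker_sig = sign_firmware(TAMPERED_IMAGE, OEM_PRIVATE_KEY)
    revoked = {key_fingerprint(OEM_PUBLIC_KEY)}   # constructed revocation list
    return {
        "vendor_image_verifies": verify_firmware(VENDOR_IMAGE, vendor_sig, OEM_PUBLIC_KEY),
        "tampered_image_rejected": not verify_firmware(TAMPERED_IMAGE, vendor_sig, OEM_PUBLIC_KEY),
        "leaked_key_signature_accepted": verify_firmware(TAMPERED_IMAGE, attacker_sig, OEM_PUBLIC_KEY),
        "revocation_blocks_leaked_key": not verify_with_revocation(
            TAMPERED_IMAGE, attacker_sig, OEM_PUBLIC_KEY, revoked),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The third result is the whole problem: the verifier only ever learns that the signature matches the trusted key, not who held that key. The revocation check shows what a firmware update tool or an endpoint scanner can do in software; a hardware root of trust whose trusted key hash is fixed at manufacturing has no equivalent step, which is why the leak cannot simply be patched away on affected boards.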

In the wake of being hacked last month, MSI began to urge customers to source firmware/BIOS updates exclusively from its official website. The well-known PC, component and peripheral firm was being extorted by a ransomware group called Money Message. Apparently the extortionists had swiped 1.5TB of data, including various source code files, private keys, and tools to develop firmware. Reports said that Money Message was asking for over four million dollars to return the entirety of the data to MSI. Over a month has passed, and it looks like MSI hasn’t paid up. Therefore, we are now seeing the fallout.

Intel Boot Guard ensures that a PC runs only verified firmware before boot. In a white paper about ‘below-the-OS security’ (PDF), Intel talks with some pride about its BIOS Guard, Boot Guard, and Firmware Guard technologies. Boot Guard is a “key element of hardware-based boot integrity that meets the Microsoft Windows requirements for UEFI Secure Boot.” Sadly, it is no longer going to be a useful ‘guard’ for a wide range of MSI systems.

Intel Boot Guard, part of Intel Hardware Shield (Image credit: Intel)

Tweets published by Binarly (a supply chain security platform) and its founder Alex Matrosov, neatly spell out the dangers presented by this leak of Boot Guard keys and other data in the MSI haul. The security specialist suggests that other device vendors will be affected by MSI’s leak, including Intel, Lenovo, Supermicro, and many others. A GitHub page linked by Binarly lists the 57 MSI PC systems which have had firmware keys leaked, and the 166 systems which have had Intel Boot Guard BPM/KM keys leaked.
